@DustinB3403 said in Saltstack and Brew Casks:
@black3dynamite
That doesn't seem to work for me.
Either as my non-admin user or root
salt '*' cmd.run 'brew cask install obs -y'
[WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master?
Salt request timed out. The master is not responding. You may need to run your command with `--async` in order to bypass the congested event bus. With `--async`, the CLI tool will print the job id (jid) and exit immediately without listening for responses. You can then use `salt-run jobs.lookup_jid` to look up the results of the job in the job cache later.
Root
salt '*' cmd.run 'brew cask install obs -y'
[WARNING ] /usr/lib/python2.7/site-packages/salt/payload.py:149: DeprecationWarning: encoding is deprecated, Use raw=False instead.
ret = msgpack.loads(msg, use_list=True, ext_hook=ext_type_decoder, encoding=encoding)
admins-MacBook-Air.local:
Error: Running Homebrew as root is extremely dangerous and no longer supported.
As Homebrew does not drop privileges on installation you would be giving all
build scripts full access to your system.
https://docs.saltstack.com/en/latest/ref/cli/salt.html#options
Use the --timeout option
The timeout in seconds to wait for replies from the Salt minions. The timeout number specifies how long the command line client will wait to query the minions and check on running jobs. Default: 5
Or
Use --async option
Instead of waiting for the job to run on minions only print the job id of the started execution and complete. And then use salt-run jobs.lookup_jid to see the results.
# Using --timeout
sudo salt '*' cmd.run 'sudo -u non-adminuser brew cask install obs -y' --timeout 60
# Using --async
sudo salt '*' cmd.run 'sudo -u non-adminuser brew cask install obs -y' --async

@JaredBusch said in Orchestrate and control many web sites:
@scottalanmiller said in Orchestrate and control many web sites:
@Emad-R Exactly, that's more than running your own. $2.95 PER WEBSITE is quite expensive. Run your own and you can do it for $.35 per site!
No you cannot. Not for a single site or even a dozen.
$5 vultr instance / 12 sites comes in at $0.42
That doesn't count the labor to maintain, patch, make resilient (excluding content related development, etc).
While certainly not expensive, it is also certainly not $0.35.
Ah, but don't forget, when we did a labour study we found that dealing with your own install had lower labour than when dealing with a shared instance because you don't get raw access. So we lowered labour.
So my numbers were obviously without labour, but so were the shared numbers. If you include labour both go up, but the shared goes up more from what we found in testing.

So I also realized that if you have even a small number of records, a dictionary will become super long. So you can compact the dictionary like this:
records:
  ns1: {forward: 10.1.30.11, type: A, last: 11, rev: 30.1.10.in-addr.arpa.}
  ansible: {forward: 10.1.30.5, type: A, last: 5, rev: 30.1.10.in-addr.arpa.}
So while the other way may be easier to read, this saves a TON of space.

@jaredbusch said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller why install a proxy when Apache's here and working? What is the benefit to having a proxy on the same server? Let’s Encrypt works perfectly with Apache.
Security and flexibility typically. Here is the admitted marketing material from Nginx on security: "Security and anonymity – By intercepting requests headed for your backend servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network."

@dafyre said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
@Tim_G said in Normal Forms of Systems Administration:
So if 4th is strictly using RSAT... would 5th be full automation using SCCM, SCVMM, Orchestrator, and App Controller?
Yes, I believe so. Those would be tools in the Microsoft toolset for that. They tend to take a very different approach than many of their competitors and it's been a while since I've used it. Not sure if SCCM goes all of the way to defined state or just really heavily automated fourth form. But I think you can get to that state.
I believe it is properly state defined (fifth form) but not code defined like most of the alternatives.
I think I got lost in all the clutter... but why do you separate Remote GUI from Remote CLI ?
Essentially "automatable interface" vs non-automatable interface. Not that GUIs cannot be automated, but effectively they cannot be.

@wirestyle22 said in How Much Data Do You Have:
@BRRABill said in How Much Data Do You Have:
@scottalanmiller said in How Much Data Do You Have:
@wirestyle22 said in How Much Data Do You Have:
@scottalanmiller said in How Much Data Do You Have:
@wirestyle22 said in How Much Data Do You Have:
@scottalanmiller said in How Much Data Do You Have:
@wirestyle22 said in How Much Data Do You Have:
@scottalanmiller said in How Much Data Do You Have:
@wirestyle22 said in How Much Data Do You Have:
About 20 TB total
What kind of data?
Security Camera videos, Office Data, High Res Imaging (City Planning), Marketing, Documentation, the list goes on
You take backups of security camera video?
It's body worn cameras for police
And those are backed up?
They have to be. They can be referred to for decades.
Those two things are not related. Have to would be a compliance question. Being referred to for decades is about storage, probably archival, not backup.
You always discuss the differences in these terms, but what @wirestyle22 mentioned would be a good thing to start a topic with and do some real world discussions.
It would be difficult because I'm still learning everything here. There are so many sites and they are all using different things. A lot of alternate configurations.
What I meant was ... something like you suggested. Not necessarily YOUR scenario, but a similar one.
Security footage that needs to be maintained for 10 years.
What kind of system is @scottalanmiller talking about...

It's true that you can make stateless systems without DevOps tooling and approaches. But the nature and assumptions of those systems are that you cannot. Just allowing arbitrary logins (even of administrators) can undermine that. One of the beauties of the pure DevOps model is the lack of logins. Much like functional programming.

@stacksofplates said in What is DevOps?:
@scottalanmiller said in What is DevOps?:
@stacksofplates said in What is DevOps?:
@scottalanmiller said in What is DevOps?:
@stacksofplates said in What is DevOps?:
@scottalanmiller said in What is DevOps?:
@stacksofplates said in What is DevOps?:
@scottalanmiller said in What is DevOps?:
@stacksofplates said in What is DevOps?:
@scottalanmiller said in What is DevOps?:
Two very common SDI tools are Ansible and Salt, but two that are extremely different. Ansible works purely through agents that run on individual servers. Salt uses a central console to control agents. This oversimplifies both, but gives us an idea of the diversity in the way that different systems work.
A common way for smaller shops to work with Ansible is to install agents locally and those agents do nothing more than pull their own configurations from a central Git repository. In this way, in order to manage individual systems, all that needs to be done is for the correct state definition to be stored in the right Git repo. Ansible handles the rest. It looks for updates and applies them when they appear. This is a pure "pull" structure.
Salt works differently. The Salt Master can push commands, almost instantly, to Salt Minions (endpoints). With Salt you can issue traditional commands in real time and see the responses in real time on the master. This makes Salt very powerful for monitoring, in addition to control. State configurations are stored on the Salt Master, rather than on a separate change repository, and when applied can be pushed out instantly to all nodes that are currently online, no need to wait for a polling interval. This is a pure "push" structure.
Ansible is all push through SSH (they have some kind of pull mechanism but I don't think anyone uses it), it doesn't use any agents at all. You can also run commands directly with Ansible. Ad hoc commands are a big help with Ansible, it fixes the weird workarounds you have to use to get sudo to work with remote SSH commands.
Now you just run
ansible host -m shell -a "whatever you need to do" -b -K
One of their big selling points is that you can do pure push, all agent, no server
It doesn't use any agents at all. It's all Python. There is no "server" like with Puppet (there is a server in the sense that there is one or multiple machines you do everything from), but there is a machine(s) you push from to other machines.
Servers are typically pull, not push.
No. Agents are pull. The server holds the configs and the agent checks in and pulls the config. Ansible is push and specifically states that on their website.
Not necessarily. Salt is an agent but push. The agent doesn't pull. At least not by default.
It's the exception then. Chef and Puppet both pull. I really like the pull system for CM. I use Ansible for orchestration.
Yup. The push is their huge selling point. No other major player does it. And no open ports either. Doesn't need SSH which is huge.
How does the agent know to interact? Just heartbeat every few seconds?
Open connection. They always talk.

New Commands are:
The salt-key command is used to manage all of the keys on the master. To list the keys that are on the master:
salt-key -L
The keys that have been rejected, accepted, and pending acceptance are listed. The easiest way to accept the minion key is to accept all pending keys:
salt-key -A
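An added example, not part of the original post: `salt-key -A` accepts every pending key whatever its origin, so the sketch below compares pending fingerprints against ones collected on the minions themselves (`salt-call --local key.finger`) and reports which IDs can be accepted one at a time with `salt-key -a`. The sample output, minion names, shortened fingerprints, the `trusted.txt` file name and the `classify_pending` helper are all constructed for illustration.

```shell
#!/bin/sh
# Added example: compare pending key fingerprints before accepting them.

# Constructed sample in the sectioned layout of `salt-key -F` output
# (minion names and shortened fingerprints are made up).
sample_finger_output() {
cat <<'EOF'
Local Keys:
master.pem:  11:11:11:11
master.pub:  22:22:22:22
Accepted Keys:
db01:  aa:aa:aa:aa
Unaccepted Keys:
web01:  c0:ff:ee:01
web02:  de:ad:be:ef
laptop-unknown:  12:34:56:78
EOF
}

# Constructed trusted list, one "<minion id> <fingerprint>" per line, as
# gathered on each minion itself with `salt-call --local key.finger`.
sample_trusted() {
cat <<'EOF'
web01 c0:ff:ee:01
web02 00:00:00:00
EOF
}

# classify_pending TRUSTED_FILE   (reads `salt-key -F` output on stdin)
# Prints "accept ID", "mismatch ID" or "unknown ID" for every pending key.
classify_pending() {
    awk -v trusted="$1" '
        BEGIN {
            while ((getline line < trusted) > 0) {
                split(line, f, " "); want[f[1]] = f[2]
            }
        }
        /^[A-Za-z ]+ Keys:$/ { pending = ($0 == "Unaccepted Keys:"); next }
        pending && NF == 2 {
            id = $1; sub(/:$/, "", id)
            if (!(id in want))       print "unknown " id
            else if (want[id] == $2) print "accept " id
            else                     print "mismatch " id
        }'
}

# Typical use on the master (hypothetical file name trusted.txt):
#   salt-key -F | classify_pending trusted.txt
#   salt-key -a web01        # accept only IDs reported as "accept"
```

A `mismatch` or `unknown` result means the key stays pending until its origin is confirmed on the minion.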

@tim_g said in Installing Salt Master:
@scottalanmiller said in Installing Salt Master:
Now we can easily get Salt Master installed.
cd /tmp; curl -L https://bootstrap.saltstack.com -o install_salt.sh
sh install_salt.sh -M
What's the difference between installing it like you mention above, or via the repository apt-get install salt-master for example?
https://repo.saltstack.com/#ubuntu
Ubuntu because that's all I have available right now for testing, in case anyone has the urge to point that out. It's also the same for Fedora: https://docs.saltstack.com/en/latest/topics/installation/fedora.html
But that's beside the point.
In theory it handles grabbing the repos under the hood, but in a more universal way. And handles some distros that don't necessarily have repos.